From kees at kernel.org Thu Feb 20 02:57:01 2025 From: kees at kernel.org (Kees Cook) Date: Wed, 19 Feb 2025 18:57:01 -0800 Subject: [rds-devel] [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad() In-Reply-To: <20250219224730.73093-2-thorsten.blum@linux.dev> References: <20250219224730.73093-2-thorsten.blum@linux.dev> Message-ID: <202502191855.C9B9A7AA@keescook> On Wed, Feb 19, 2025 at 11:47:31PM +0100, Thorsten Blum wrote: > strncpy() is deprecated for NUL-terminated destination buffers. Use > strscpy_pad() instead and remove the manual NUL-termination. When doing these conversions, please describe two aspects of conversions: - Why is it safe to be NUL terminated - Why is it safe to be/not-be NUL-padded In this case, the latter needs examination. Looking at how ctr is used, it is memcpy()ed later, which means this string MUST be NUL padded or it will leak stack memory contents. So, please use strscpy_pad() here. :) -Kees > > Compile-tested only. > > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening at vger.kernel.org > Signed-off-by: Thorsten Blum > --- > net/rds/stats.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/net/rds/stats.c b/net/rds/stats.c > index 9e87da43c004..cb2e3d2cdf73 100644 > --- a/net/rds/stats.c > +++ b/net/rds/stats.c > @@ -89,8 +89,7 @@ void rds_stats_info_copy(struct rds_info_iterator *iter, > > for (i = 0; i < nr; i++) { > BUG_ON(strlen(names[i]) >= sizeof(ctr.name)); > - strncpy(ctr.name, names[i], sizeof(ctr.name) - 1); > - ctr.name[sizeof(ctr.name) - 1] = '\0'; > + strscpy_pad(ctr.name, names[i]); > ctr.value = values[i]; > > rds_info_copy(iter, &ctr, sizeof(ctr)); > -- > 2.48.1 > > -- Kees Cook From kees at kernel.org Thu Feb 20 08:54:38 2025 From: kees at kernel.org (Kees Cook) Date: Thu, 20 Feb 2025 00:54:38 -0800 Subject: [rds-devel] [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad() In-Reply-To: <08A0C3AE-A255-467F-A007-5584E8E44517@linux.dev> References: <20250219224730.73093-2-thorsten.blum@linux.dev> <202502191855.C9B9A7AA@keescook> <08A0C3AE-A255-467F-A007-5584E8E44517@linux.dev> Message-ID: On February 19, 2025 11:04:18 PM PST, Thorsten Blum wrote: >On 20. Feb 2025, at 03:57, Kees Cook wrote: >> On Wed, Feb 19, 2025 at 11:47:31PM +0100, Thorsten Blum wrote: >>> strncpy() is deprecated for NUL-terminated destination buffers. Use >>> strscpy_pad() instead and remove the manual NUL-termination. >> >> When doing these conversions, please describe two aspects of >> conversions: >> >> - Why is it safe to be NUL terminated >> - Why is it safe to be/not-be NUL-padded >> >> In this case, the latter needs examination. Looking at how ctr is used, >> it is memcpy()ed later, which means this string MUST be NUL padded or it >> will leak stack memory contents. >> >> So, please use strscpy_pad() here. :) > >I am using strscpy_pad() here already because of the NUL-padding. > >Did you just miss that? Well that's embarrassing. Yes, I must need stronger glasses. *sigh* Apologies for the noise! Reviewed-by: Kees Cook -- Kees Cook From thorsten.blum at linux.dev Wed Feb 19 22:47:31 2025 From: thorsten.blum at linux.dev (Thorsten Blum) Date: Wed, 19 Feb 2025 23:47:31 +0100 Subject: [rds-devel] [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad() Message-ID: <20250219224730.73093-2-thorsten.blum@linux.dev> strncpy() is deprecated for NUL-terminated destination buffers. Use strscpy_pad() instead and remove the manual NUL-termination. Compile-tested only. Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening at vger.kernel.org Signed-off-by: Thorsten Blum --- net/rds/stats.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/rds/stats.c b/net/rds/stats.c index 9e87da43c004..cb2e3d2cdf73 100644 --- a/net/rds/stats.c +++ b/net/rds/stats.c @@ -89,8 +89,7 @@ void rds_stats_info_copy(struct rds_info_iterator *iter, for (i = 0; i < nr; i++) { BUG_ON(strlen(names[i]) >= sizeof(ctr.name)); - strncpy(ctr.name, names[i], sizeof(ctr.name) - 1); - ctr.name[sizeof(ctr.name) - 1] = '\0'; + strscpy_pad(ctr.name, names[i]); ctr.value = values[i]; rds_info_copy(iter, &ctr, sizeof(ctr)); -- 2.48.1 From thorsten.blum at linux.dev Thu Feb 20 07:04:18 2025 From: thorsten.blum at linux.dev (Thorsten Blum) Date: Thu, 20 Feb 2025 08:04:18 +0100 Subject: [rds-devel] [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad() In-Reply-To: <202502191855.C9B9A7AA@keescook> References: <20250219224730.73093-2-thorsten.blum@linux.dev> <202502191855.C9B9A7AA@keescook> Message-ID: <08A0C3AE-A255-467F-A007-5584E8E44517@linux.dev> On 20. Feb 2025, at 03:57, Kees Cook wrote: > On Wed, Feb 19, 2025 at 11:47:31PM +0100, Thorsten Blum wrote: >> strncpy() is deprecated for NUL-terminated destination buffers. Use >> strscpy_pad() instead and remove the manual NUL-termination. > > When doing these conversions, please describe two aspects of > conversions: > > - Why is it safe to be NUL terminated > - Why is it safe to be/not-be NUL-padded > > In this case, the latter needs examination. Looking at how ctr is used, > it is memcpy()ed later, which means this string MUST be NUL padded or it > will leak stack memory contents. > > So, please use strscpy_pad() here. :) I am using strscpy_pad() here already because of the NUL-padding. Did you just miss that? Thanks, Thorsten From allison.henderson at oracle.com Thu Feb 20 18:07:45 2025 From: allison.henderson at oracle.com (Allison Henderson) Date: Thu, 20 Feb 2025 18:07:45 +0000 Subject: [rds-devel] [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad() In-Reply-To: <20250219224730.73093-2-thorsten.blum@linux.dev> References: <20250219224730.73093-2-thorsten.blum@linux.dev> Message-ID: On Wed, 2025-02-19 at 23:47 +0100, Thorsten Blum wrote: > strncpy() is deprecated for NUL-terminated destination buffers. Use > strscpy_pad() instead and remove the manual NUL-termination. > > Compile-tested only. > > Link: https://urldefense.com/v3/__https://github.com/KSPP/linux/issues/90__;!!ACWV5N9M2RV99hQ!MpqMAmj6IIyu7Vj4ddfEGJlJY4rVrJL_g8etOQsHC7pdjZO77P7aOqJe8_JTFwBzZ6tciUDrbb2CjXWJMjdEMJGtpoeBfHU8qw$ > Cc: linux-hardening at vger.kernel.org > Signed-off-by: Thorsten Blum > --- > net/rds/stats.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/net/rds/stats.c b/net/rds/stats.c > index 9e87da43c004..cb2e3d2cdf73 100644 > --- a/net/rds/stats.c > +++ b/net/rds/stats.c > @@ -89,8 +89,7 @@ void rds_stats_info_copy(struct rds_info_iterator *iter, > > for (i = 0; i < nr; i++) { > BUG_ON(strlen(names[i]) >= sizeof(ctr.name)); > - strncpy(ctr.name, names[i], sizeof(ctr.name) - 1); > - ctr.name[sizeof(ctr.name) - 1] = '\0'; > + strscpy_pad(ctr.name, names[i]); > ctr.value = values[i]; > Looks ok to me. Thanks Thorsten! Reviewed-by: Allison Henderson > rds_info_copy(iter, &ctr, sizeof(ctr)); From allison.henderson at oracle.com Thu Feb 20 18:49:16 2025 From: allison.henderson at oracle.com (Allison Henderson) Date: Thu, 20 Feb 2025 18:49:16 +0000 Subject: [rds-devel] [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad() In-Reply-To: References: <20250219224730.73093-2-thorsten.blum@linux.dev> Message-ID: On Thu, 2025-02-20 at 11:07 -0700, Allison Henderson wrote: > On Wed, 2025-02-19 at 23:47 +0100, Thorsten Blum wrote: > > strncpy() is deprecated for NUL-terminated destination buffers. Use > > strscpy_pad() instead and remove the manual NUL-termination. > > > > Compile-tested only. I went ahead and tested this for you, and it looks fine. So, you can go ahead and remove the "Compiled-tested only" and add: Tested-by: Allison Henderson Thank you! Allison > > > > Link: https://urldefense.com/v3/__https://github.com/KSPP/linux/issues/90__;!!ACWV5N9M2RV99hQ!MpqMAmj6IIyu7Vj4ddfEGJlJY4rVrJL_g8etOQsHC7pdjZO77P7aOqJe8_JTFwBzZ6tciUDrbb2CjXWJMjdEMJGtpoeBfHU8qw$ > > Cc: linux-hardening at vger.kernel.org > > Signed-off-by: Thorsten Blum > > --- > > net/rds/stats.c | 3 +-- > > 1 file changed, 1 insertion(+), 2 deletions(-) > > > > diff --git a/net/rds/stats.c b/net/rds/stats.c > > index 9e87da43c004..cb2e3d2cdf73 100644 > > --- a/net/rds/stats.c > > +++ b/net/rds/stats.c > > @@ -89,8 +89,7 @@ void rds_stats_info_copy(struct rds_info_iterator *iter, > > > > for (i = 0; i < nr; i++) { > > BUG_ON(strlen(names[i]) >= sizeof(ctr.name)); > > - strncpy(ctr.name, names[i], sizeof(ctr.name) - 1); > > - ctr.name[sizeof(ctr.name) - 1] = '\0'; > > + strscpy_pad(ctr.name, names[i]); > > ctr.value = values[i]; > > > Looks ok to me. Thanks Thorsten! > Reviewed-by: Allison Henderson > > > rds_info_copy(iter, &ctr, sizeof(ctr)); > From patchwork-bot+netdevbpf at kernel.org Sat Feb 22 00:10:35 2025 From: patchwork-bot+netdevbpf at kernel.org (patchwork-bot+netdevbpf at kernel.org) Date: Sat, 22 Feb 2025 00:10:35 +0000 Subject: [rds-devel] [PATCH net-next] net/rds: Replace deprecated strncpy() with strscpy_pad() In-Reply-To: <20250219224730.73093-2-thorsten.blum@linux.dev> References: <20250219224730.73093-2-thorsten.blum@linux.dev> Message-ID: <174018303525.2244175.8423041588413050651.git-patchwork-notify@kernel.org> Hello: This patch was applied to netdev/net-next.git (main) by Jakub Kicinski : On Wed, 19 Feb 2025 23:47:31 +0100 you wrote: > strncpy() is deprecated for NUL-terminated destination buffers. Use > strscpy_pad() instead and remove the manual NUL-termination. > > Compile-tested only. > > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening at vger.kernel.org > Signed-off-by: Thorsten Blum > > [...] Here is the summary with links: - [net-next] net/rds: Replace deprecated strncpy() with strscpy_pad() https://git.kernel.org/netdev/net-next/c/c451715d78e3 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html